Sign in

Sign in to confirm

Carrier IQ: What You Need to Know About the Biggest Android Security Threat in History

Steven Blum2011-12-02T13:34:50ZDec 2, 2011

Steven Blum
Steven Blum has written more than 2,000 blog posts as a founding member of AndroidPIT's English editorial team. A graduate of the University of Washington, Steven Blum also studied Journalism at George Washington University in Washington D.C. for two years. Since then, his writing has appeared in The Stranger, The Seattle P-I, Blackbook Magazine and Venture Villlage. He loves the HTC One and hopes the company behind it still exists in a few years.

2

Carrier IQ has found itself in a heap of trouble recently over accusations that its software – installed on over 140 million devices worldwide – can allegedly log user keystrokes, store text messages, track locations and even record telephone calls. The company has big-time partners like Sprint, HTC and, allegedly, Apple and Samsung. Nokia, RIM and Verizon are supposedly partners as well, but these companies deny the claim.

What it does:

Allegedly, Carrier IQ can monitor just about everything you do on your phone – from the messages you type to those you receive, from your voicemails to your location at any given time. The app can apparantly track users in real time.

Carrier IQ users are completely unaware of the software's existence in their phone – it runs in the background and doesn't require authorization in order to function. It is difficult to disable on Android, although it seems iOS users can turn it off fairly easily.

Privacy concerns were originally brought to light by Trevor Erckhart, a security researcher. In the video below, you can clearly see Carrier IQ logging keystrokes, tracking location and intercepting text messages. The software manages to log every keystroke – even in Airplane mode. Even more frustratingly, it doesn't respond to "Force Quit" commands, meaning its essentially impossible to get rid of.

It should be noted that, while Carrier IQ is capable of monitoring all of these behaviors, it's unclear which function is enabled on which phone. Carriers get to decide how their phones are monitored and which kinds of information they're interested in obtaining. For instance, a manufacturer may be interested in where their phones have bad coverage – Carrier IQ can help with that.

The response:

The response from carriers and manufacturers has been to deny that they even have access to the kind of information Carrier IQ is capable of providing. Sprint has said, "We do not and cannot look at the contents of messages, photos, videos, etc., using this tool," while HTC also insists that the information is encrypted and is only collected if users "opt-in" to the service.

The response from users, blogs and even legislators has been overwhelming. Senator Al Franken released a statement yesterday, condemning the alleged security breach and calling for swift legislative action. “These actions may violate federal privacy laws, including the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act. This is potentially a very serious matter," he said on his website.

Indeed, a class action lawsuit may be the only way for there to be any transparancy about what kind of information, exactly, Carrier IQ is holding on to. We'll let you know more when we know more.

Comments

And it is logcat — so for example Amazon can read the info as well. Any Application which has the “READ_LOGS — Allows an application to read the low-level system log files.” And in recent times READ_LOGS has become very famous.

Still, if you have Carrier IQ you should really deinstall all applications which READ_LOGS.